Shueisha

Migrates its web portal to AWS to secure members’ information and grow its business

Challenges

As a publishing house with a large and diverse portfolio, Shueisha provides a wide range of novels and literary material to the Japanese public, including comic books, lifestyle magazines, and publications showcasing new writing talent. In recent years, the company has actively leveraged the wealth of content that it holds to provide information to readers through websites.

“HAPPY PLUS,” a web portal aimed at women, is among their most successful websites. “HAPPY PLUS uses content from a variety of our women’s magazines to provide information about fashion, beauty, gourmet, cooking, travel, and weddings to a broad audience of women,” explains Shueisha’s Takatoshi Yokota.

Shueisha originally hosted HAPPY PLUS on the same shared servers that hosted its corporate site. But as traffic to the site increased—and experienced large surges as each new article appeared—it became harder to maintain acceptable service levels. In order to respond to the increased traffic, the company decided to migrate HAPPY PLUS to a cloud platform. After evaluating track records, costs, and operational manageability, the company migrated the site to Amazon Web Services (AWS).

At the same time as the migration to the cloud, the company also made efforts to strengthen security. “As a membership site, HAPPY PLUS has to protect its members’ private information. With increasing damage from new threats such as ‘list-based account hacking,’ which uses stolen credentials to fraudulently infiltrate websites, we realized that updating the security was a critical need,” says Yokota.

Solution

After discussions with Classmethod Inc., the cloud integrators responsible for the new HAPPY PLUS deployment, Shueisha chose Trend Micro Deep Security as their new cloud security solution.

The company was particularly impressed with Deep Security’s track record for protecting systems on AWS. Deep Security integrates all functions that are considered essential to reliably detect and eliminate the threats that target web systems.

“HAPPY PLUS is operated by a limited number of personnel, so we needed to reduce the operational burden as much as we could. Deep Security provides IDS/IPS, Web Application Firewall (WAF), and antivirus functions. As a single, comprehensive solution, it’s not only more effective than a collection of single-function solutions, it’s also far more efficient, since everything from daily management to technical support is completely integrated,” explains Yokota. Furthermore, it was also possible to detect the list-based attacks mentioned previously by monitoring Deep Security logs. Because Deep Security’s Web-application firewall (WAF) can be deployed on hosts, Shueisha did not have to consider network restrictions, a problem which commonly occurs with gateway WAF.

The deployment went ahead after thorough load testing confirmed that Deep Security did not affect operation of the site even during times of high load.

“Deep Security integrates all the security functions that we consider essential. In addition to the security that it provides, the ability to operate it more efficiently than deploying separate solutions is very appealing.”

Results

The HAPPY PLUS infrastructure on AWS includes web servers, application servers, and databases (see diagram). Deep Security is deployed on six web servers that are the most susceptible to an outside attack. Since the security of the IDS/IPS is particularly important, it runs in “block mode.”

The IDS/IPS capabilities of Deep Security can be deployed either in “detect mode” or “block mode.” In detect mode, malicious content is allowed to pass through, and an alert is sent to administrators. Shueisha chose to deploy in block mode, which blocks malicious traffic in addition to generating an alert. “Detect mode is useful if you have services like payment processing or communication, where interruptions could be very costly. But since HAPPY PLUS traffic doesn’t include that kind of service, we use block mode to optimize security,” says Yokota.

Trend Micro took the unique characteristics of HAPPY PLUS into account and provided support to optimize the settings of Deep Security for the environment. “Although we frequently meet with our integrators, software vendors tend to remain at a distance. However, Trend Micro visits us frequently and responds attentively to even our most detailed questions. This support has given us a great sense of security,” says Yokota.

After using Deep Security to create a safe and secure operating environment on AWS, Shueisha now enjoys the cloud’s benefits, including a reduction of costs and operational workload, as well as the resource elasticity of Amazon’s “Auto Scaling” feature. In the future, the company plans to expand its service platform as the number of HAPPY PLUS members increases.

“Using the web and the cloud will become significant keys for Shueisha’s business. Security countermeasures are essential to allow our customers to use our services with peace of mind. We expect Trend Micro to continue providing us with the optimal proposals and solutions,” says Yokota.